Skip to content

fix(security): fix trust level mapping and implement get_agent #53

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
beonde merged 2 commits into from
Apr 17, 2026
+24 −5
Merged

fix(security): fix trust level mapping and implement get_agent #53

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b5e8d4e
fix(security): fix trust level mapping and get_agent stub
beonde Apr 17, 2026
a36ee24
fix: address Copilot review — proto fields, include_badge, comment
beonde Apr 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 24 additions & 5 deletions capiscio_sdk/_rpc/client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1754,14 +1754,31 @@ def ping(self) -> dict:

def get_agent(self, did: str) -> tuple[Optional[dict], Optional[str]]:
"""Get an agent by DID."""
request = registry_pb2.GetAgentRequest(did=did)
request = registry_pb2.GetAgentRequest(did=did, include_badge=True)
response = self._stub.GetAgent(request)

if response.error_message:
return None, response.error_message

# TODO: Convert response.agent to dict
return None, "not yet implemented"
agent = response.agent
if not agent or not agent.did:
return None, "agent not found"
Comment on lines +1763 to +1765
Copy link

Copilot AI Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GetAgentRequest supports include_badge / verify_badge, but this method currently doesn’t set them while attempting to return badge-derived details (e.g., domain). If the intent is to expose badge-derived fields, set include_badge=True (and optionally verify_badge=True) and handle the case where the badge is absent/empty.

Copilot uses AI. Check for mistakes.

Comment on lines 1760 to +1766
Copy link

Copilot AI Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

get_agent() now has non-trivial response-shaping logic (including “not found” handling and field projection), but there’s no automated coverage around these branches. Add a unit test with a mocked RegistryServiceStub that returns: (1) error_message set, (2) an empty agent message, and (3) a populated RegisteredAgent, and assert the method’s (dict, error) outputs for each case.

Copilot uses AI. Check for mistakes.
result = {
"did": agent.did,
"name": agent.name,
"description": agent.description,
"status": agent.status,
"agent_card_json": agent.agent_card_json,
"capabilities": list(agent.capabilities),
"tags": list(agent.tags),
}

# Include badge domain if badge is present
if agent.badge and agent.badge.domain:
result["domain"] = agent.badge.domain

return result, None


def _claims_to_dict(claims) -> dict:
Expand All @@ -1770,9 +1787,11 @@ def _claims_to_dict(claims) -> dict:
return {}

# Map proto enum to human-readable trust level string
# Note: UNSPECIFIED (0) defaults to "1" (DV) for compatibility
# SECURITY: UNSPECIFIED (0) is coerced to Level 0 (self-signed / unverified).
# This is the lowest trust level. Mapping it higher would silently elevate
# unverified badges.
trust_level_map = {
0: "1", # TRUST_LEVEL_UNSPECIFIED -> default to DV (1)
0: "0", # TRUST_LEVEL_UNSPECIFIED -> coerced to Level 0 (lowest)
1: "0", # TRUST_LEVEL_SELF_SIGNED (Level 0)
2: "1", # TRUST_LEVEL_DV (Level 1)
3: "2", # TRUST_LEVEL_OV (Level 2)
Expand Down
Loading